PHP探秘（一）--魔术引用(3)：ucenter对魔术引用的处理(addslash)

天狼晓月 · 发表于 2014-1-10 14:41:49

ucenter对魔术引用的处理是不安全的。

$_GET = daddslashes($_GET, 1, TRUE);$_POST = daddslashes($_POST, 1, TRUE);$_COOKIE = daddslashes($_COOKIE, 1, TRUE);$_SERVER = daddslashes($_SERVER);$_FILES = daddslashes($_FILES);$_REQUEST = daddslashes($_REQUEST, 1, TRUE);function daddslashes($string, $force = 0, $strip = FALSE) { if(!MAGIC_QUOTES_GPC || $force) { if(is_array($string)) { foreach($string as $key => $val) { $string[$key] = daddslashes($val, $force, $strip); } } else { $string = addslashes($strip ? stripslashes($string) : $string); } } return $string;}

		自动登录	找回密码
密码			立即注册